Sebastian Wagner wrote:
hi Oliver and Thibault,

It would be important to me that the User-Object is the same every time the User logs in.
Of course, but do you use the user password after authentication?

Otherwise some of the functionality does not work like personal folders in the Recordings-UI. But from my point of view that is already done with the code Oliver has done.
Sure, it is done, and must remain the same. My concern is only about the user password duplicated on the OM database.

I would suggest that we write the User-id from LDAP in the field:

externalUserId of each user
and *ldap* or *openldap* or *ad* in the field
externalUserType of each user
created via LDAP

[if there is any User-id from LDAP only of course]
Yes there is, it's the user DN (Distinguished Name), which is unique per Ldap entry inside a given Ldap directory.
That would be great indeed, and should be simple to implement


Sebastian

2010/4/15 smoeker <o.beche...@medint.de <mailto:o.beche...@medint.de>>

    hola,

    the original reason for storing the ldap passwd locally (md5
    encrypted) within OM is to be able to use openMeetings, even if ldap
    server is maintained/off/not available...

    -> i remember a post, somebody saying it's sometimes hard to keep synced
    with the Ldap Directory Admin - i agree with that ;-)
    -> this is also the reason for storing the admin's password locally -
    admin users should always be able to access OM, even if there are
    complications with the Ldap Directory Server...

    Since it's always the Ldap password that has to be correct (in case Ldap
    is configured), it's not really duplicated, but stored as fallback
    (this is working without stopping OM Server).

    The userdata should be updated on every successful login , so the db
    passwd should also always be in sync with the Ldap server. (The only
    scenario it would fail would be, if LDAP password changes and ldap
    server is off/not configured in OM, so the local password wouldn't
    match the current DB password - but coding the fallback for the
    fallback is not my flavour ;-))

    i don't think i understand the random password bypass via config - how
    would an OM user authenticate, if Ldap server is off?


    see ya

    Smoeker

    On 15 Apr., 13:51, t.lem...@gmail.com <mailto:t.lem...@gmail.com>
    wrote:
    > Hi,
    >
    > While reviewing the ldap authentication module, I found out that once
    > authenticated, OM records and updates the user's password in its
    > internal DB.
    > Why is that?
    >
    > In LdapLoginManagement.java:  in method doLdapLogin
    >           // Update password (could have changed in LDAP)
    >           u.setPassword(passwd);
    >
    > Since all authentications are done on the LDAP server, I think it is a
    > bad idea to duplicate the password in OM internal DB.
    >
    > Is there another good reason to do this?
    >
    > The only reason I see so far is that in MainService, the loginUser
    > method falls back to non LDAP authentication if the user has admin
    > privileges. This also means that even if the user changes his password
    > in LDAP, his old password recorded to the OM db must be used...
    >
    > I think it would be better:
    > * to set a random password value in the OM's Users tables for the Ldap users
    > * set a new parameter in om_ldap that will list admin users for which
    > LDAP auth must be bypassed (in order to keep a local admin login even if
    > LDAP is badly configured or unavailable).
    >
    > What do you think?
    >
    > Thibault

    --
    You received this message because you are subscribed to the Google
    Groups "OpenMeetings User" group.
    To post to this group, send email to
    openmeetings-user@googlegroups.com
    <mailto:openmeetings-user@googlegroups.com>.
    To unsubscribe from this group, send email to
    openmeetings-user+unsubscr...@googlegroups.com
    <mailto:openmeetings-user%2bunsubscr...@googlegroups.com>.
    For more options, visit this group at
    http://groups.google.com/group/openmeetings-user?hl=en.




--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com <mailto:seba.wag...@gmail.com>
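
The login flow proposed in this thread (random local password for LDAP users, a configured list of local admins that bypass LDAP, and the DN stored in externalUserId with externalUserType "ldap"), as an added example that is not part of the original messages and is not OpenMeetings code. The class, the `Directory` interface, the `localAdmins` set, the use of PBKDF2 for the local hash, and the sample DN and credentials are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added sketch, not OpenMeetings code: every class, field and method name here is hypothetical.
public class LdapLoginSketch {
    static class User { String login, externalUserId, externalUserType; byte[] salt, hash; }
    interface Directory { String bind(String login, char[] pw) throws Exception; } // returns DN or null
    static final SecureRandom RNG = new SecureRandom();
    final Map<String, User> db = new HashMap<>();        // key: externalUserType + ":" + externalUserId
    final Set<String> localAdmins = new HashSet<>();     // assumed config list: logins that bypass LDAP
    Directory ldap;

    static byte[] kdf(char[] pw, byte[] salt) throws Exception {   // PBKDF2 stands in for the thread's MD5
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
    }
    User store(String type, String id, String login, char[] pw) throws Exception {
        User u = new User();
        u.login = login; u.externalUserType = type; u.externalUserId = id;
        u.salt = new byte[16]; RNG.nextBytes(u.salt); u.hash = kdf(pw, u.salt);
        db.put(type + ":" + id, u); return u;
    }
    User login(String login, char[] pw) throws Exception {
        if (localAdmins.contains(login)) {               // local admin: the directory is never consulted
            User u = db.get("local:" + login);
            return u != null && MessageDigest.isEqual(u.hash, kdf(pw, u.salt)) ? u : null;
        }
        String dn = ldap.bind(login, pw);                // throws while LDAP is down: no local fallback
        if (dn == null) return null;
        User u = db.get("ldap:" + dn);                   // the DN maps every login to the same User
        if (u != null) return u;                         // the LDAP password itself is never stored
        byte[] junk = new byte[32]; RNG.nextBytes(junk); // random local secret that nobody knows
        return store("ldap", dn, login, Base64.getEncoder().encodeToString(junk).toCharArray());
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "s3cret".toCharArray();              // constructed sample credentials and DN
        LdapLoginSketch om = new LdapLoginSketch(); om.localAdmins.add("admin");
        om.ldap = (l, p) -> l.equals("alice") && Arrays.equals(p, pw) ? "uid=alice,ou=people,dc=example,dc=org" : null;
        om.store("local", "admin", "admin", "admin-pw".toCharArray());
        User first = om.login("alice", pw);
        System.out.println("same User object: " + (first == om.login("alice", pw)));
        om.ldap = (l, p) -> { throw new java.io.IOException("LDAP unreachable"); };
        System.out.println("admin during outage: " + (om.login("admin", "admin-pw".toCharArray()) != null));
        try { om.login("alice", pw); } catch (java.io.IOException e) { System.out.println("alice during outage: denied"); }
    }
}
```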